In order to access functionality within an application or service, a user will often be required to provide authentication credentials. For example, the application or service may require a username or password to be provided prior to allowing access to such application or service.
Users typically have many applications or services that they access, and each may require one or more authentication credentials. For example, a user may access online banking and require a first authentication credential, an application storefront which may require a second authentication credential, social media sites which may require further authentication credentials, email services that require further credentials, among others.
In many cases, a user will reuse the same password or other authentication credentials between those sites in order to allow the user to remember such credentials. However, this creates security issues and compromises the user's data if one of such applications or services is breached.
In order to overcome this, users may store credentials in a credential vault. As used herein, a credential vault can be any digital vault that is used to store information for access to an application or service. For example, the credential vault may store a user name and password for each application or service.
The credential vault itself is typically encrypted and requires a decryption key to access contents stored therein. Because such decryption key allows the decryption of the user's credentials for a plurality of applications or services, the password used to generate such decryption key is referred to herein as the master password for the user. Specifically, the master password, when passed through a key derivation function, creates the decryption key for the credential vault.
Typically, the master password is known only to the owner of the credential vault. If the master password is forgotten, then all data within the credential vault is effectively lost.